Skip to main content

Apple finally expands its bug bounty program to accept MacOS bugs

Apple’s 3-year-old bug bounty program has finally, officially expanded to accept bug submissions from other Apple ecosystem platforms, including MacOS. The technology company announced its plans for the expansion just a few months ago, during the Black Hat cybersecurity conference. Apple appears to have launched the expansion of its Security Bounty program on Thursday, December 19, via a new webpage published on its site that provides further details on the updated program.

The Apple Security Bounty program is essentially a program in which Apple incentivizes security researchers to find bugs in Apple’s various operating systems and report them to the company in exchange for a pretty sizable monetary reward. As ZDNet notes, when the program was first launched in 2016, it only accepted bug reports for iOS bugs from certain researchers who had been invited to participate in the program. But as of this week, the Security Bounty program has officially expanded to not only accept MacOS bugs, but also bugs from other Apple operating systems, and it now allows the participation of all security researchers.

The newly published webpage on Apple’s website provides details on the current iteration of the Security Bounty program, including eligibility guidelines, bounty categories (and their associated maximum rewards), and instructions on how to submit a bug report. There’s even a separate page that lists example payouts for different kinds of bugs.

In addition to MacOS bugs, the program officially accepts bug reports for iOS, iPadOS, tvOS, and WatchOS. There doesn’t appear to be any MacOS specific-guidelines for submitting bug reports about it, but generally speaking, in order to be eligible for a bounty, researchers must follow three main guidelines:

  1. You have to be the first one to report the bug to Apple Product Security.
  2. A report must be submitted and it should be “clear” and contain “a working exploit.”
  3. You can’t publicize the bug until “Apple releases the security advisory for the report.”

It’s also worth noting that if the bug has “significant impact to users,” Apple will still take it into consideration for a bounty payment even if it doesn’t “fit the published bounty categories.” Also, the bounties themselves aren’t tiny. In fact, the smallest example payout listed was $25,000 and the largest payout appears to be $1 million.

Editors' Recommendations

Anita George
Anita has been a technology reporter since 2013 and currently writes for the Computing section at Digital Trends. She began…
Will my Mac get macOS 14?
MacOS Sonoma.

MacOS 14 is coming and coming soon, and thanks to Apple's big keynote address at WWDC 2023, we now know what it can do, what it's called, and who can get it. The next generation Mac operating system is codenamed Sonoma, and it's bringing gaming to macOS in a big way, as well as improving video calls, and security. It's going to be available for most modern Mac and MacBook users, but there are some legacy systems that are unfortunately being left out in the cold.

Wondering if your Mac can get macOS 14? Here's everything we know about what Macs are and aren't compatible with Sonoma.

Read more
Apple’s macOS Sonoma has a game-changing feature — literally
apple could fix mac game porting wwdc 2023 gaming 1

Apple’s Worldwide Developers Conference (WWDC) was chock-full of new announcements, and it’s fair to say that between the Vision Pro headset and all of Apple’s new Macs, macOS was far from the biggest new reveal. Yet, there was one new macOS feature that could be absolutely game-changing.

That’s because right now, Mac gaming is in a pretty bad way. Gamers don’t buy Macs because there aren’t enough good games, and developers don’t port their games to the Mac because there aren’t enough people to play them. It’s a chicken-and-egg situation caught in a death spiral.

Read more
This critical exploit could let hackers bypass your Mac’s defenses
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Microsoft has discovered a critical exploit in macOS that could grant hackers easy access to your Mac’s most important data. Dubbed ‘Migraine,’ it shows why it’s vital to update your Mac as soon as possible.

Migraine is so damaging because it can bypass Apple’s System Integrity Protection, or SIP for short. SIP is enabled by default on modern Macs and works by sandboxing sensitive parts of the computer from outside meddling. Only processes that are signed by Apple (or those with special privileges, like Apple installers) are allowed to alter something guarded by SIP.

Read more